India Insights with Varun Haran

Enterprise Mobility Management / BYOD , Insider Threat , Legislation & Litigation

Mobile Security: Still a Leap of Faith

Practitioners Say Solutions Fail to Keep Pace with Threats
Mobile Security: Still a Leap of Faith

At a recent conference organized by ISMG in Mumbai, I had the opportunity to moderate discussions with practitioners and attendees in the audience, over a unique session held in the world café format. Groups of delegates divided their time across a set of tables, each table focusing on a single topic of discussion in the InfoSec domain.

See Also: Breaking Free from VPN Limitations: Simplifying Remote Access Security

The topic I moderated was mobile security, and I choose to focus the conversation around the effectiveness and applicability of mobile technologies in Indian enterprises today. Hearing from the assembled practitioners gave me some distinct impressions on where the majority of the participants stood on the issue. Here are a few.

Mobile Security Lacks Assurance

The first question that I asked was whether attendees felt that the mitigations and security technologies in the mobile space today have kept pace with the threat landscape - especially in the Indian context.

Not surprisingly, the overwhelming response to this query was no - some emphatically so, leading me to the conclusion that mobile security technologies in the market today have not delivered the level of reassurance that security practitioners expect.

The reasons are many, but it bears noting that only six participant out of the 50 were either satisfied with the mobile mitigations available, or were ambivalent to the question - which is to say, they believed the answer would hinge on multiple variables, but the technology itself was available.

The two biggest issues that the delegates highlighted were the lack of maturity in existing solutions and their inability to sufficiently reassure user organizations that critical business data was protected. The majority of the participants felt that endpoint controls were not evolved enough to keep up with the developments in mobile platforms and the increasing versatility, functionality and power these devices provide today.

Ironically, while users are increasingly more intuitive when it comes to using mobile computing devices, a large number of practitioners in the sample claim user acceptability of security technologies, is a significant challenge to deployment efforts.

Governance and administration of the ever increasing diversity of mobile devices and the inability of security solutions to keep up with these also emerged as major issues. Device diversity and support for newer devices/platforms (or lack thereof) is giving practitioners sleepless nights and adding to the confusion.

The groups felt that finding skilled personnel to effectively manage mobile security solutions and accountability issues with mobile device management and similar solutions were holding them back from investing in these tools. Overall, if this sample is any indication, my premise holds true: While there was unanimous consensus that mobility has increased the attack surface in organizations significantly, assurance from mobile security solutions today remains low.

BYOD v2.0?

This is reminiscent of the BYOD story in India over the past several years, where organizations decided to embrace BYOD, rolling out policies and technologies, expecting - or rather praying - that they could nip in the bud what was obviously going to be a security challenge. Initial euphoria that policies and governance could deal effectively with BYOD challenges gave in to despair, with most dubbing BYOD as "bring your own disaster."

While the ecosystem has matured, and the technologies available to administer mobile devices are becoming increasingly granular, the sentiment of all the groups I interacted with speaks to the acceptability of mobile security technologies such as MDM to Indian security practitioners. And perhaps that organizations themselves are not equipped or mature enough to use these effectively.

Several practitioners argued that, just like in the case of BYOD, many organizations need to get their basic people and process equations right, to be mature enough to consider effectively deploying granular MDM-like security solutions. As with BYOD, where many argued that the fault lay with organizations themselves and not the idea of BYOD itself, so it is with mobile security.

With mobile security solutions, the case may be twofold - that organizations are still not mature enough to get the best out of these technologies, and that the solutions themselves have a ways to go before they gain broad acceptability in Indian organizations.

About the Author

Varun Haran

Varun Haran

Managing Director, Asia & Middle East, ISMG

Haran has been a technology journalist in the Indian market for over six years, covering the enterprise technology segment and specializing in information security. He has driven multiple industry events such as the India Computer Security Conferences (ICSC) and the first edition of the Ground Zero Summit 2013 during his stint at UBM. Prior to joining ISMG, Haran was first a reporter with TechTarget writing for SearchSecurity and SearchCIO; and later, correspondent with InformationWeek, where he covered enterprise technology-related topics for the CIO and IT practitioner.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.